Signet HC

An all-in-one physically secured USB flash drive, authentication tool, and personal information manager you can take with you wherever you go.

Orders placed now ship Nov 10, 2019.

Free US Shipping / $15 Worldwide

11 claimed

$150

Two Signet HC's

Two Signet-HC's, an all-in-one physically secured USB flash drive, authentication tool, and personal information manager you can take with you wherever you go. You can give one Signet to a friend or keep one as a backup device.

Orders placed now ship Nov 10, 2019.

Free US Shipping / $15 Worldwide

14 claimed

$700

Ten Signet HC's

Ten Signet-HC's, an all-in-one physically secured USB flash drive, authentication tool, and personal information manager you can take with you wherever you go. You can give one Signet to a friend or keep one as a backup device.

Orders placed now ship Nov 10, 2019.

Free US Shipping / $40 Worldwide

1 claimed

$3

USB Extension Cable

Helps keep your Signet HC close to your keyboard when the closest USB port is too far away. Can also reduce strain on the device's connector to increase its lifespan. 3'

Recent Updates

As Featured In

"The latest version of the Signet thumbdrive is the Signet HC. The HC has a number of enhanced features and a lower price point, making it an attractive alternative to other high-security flash drives."

Your Libre Personal Information Security Multi-tool

Signet HC is a secure USB drive, and the successor to our first product,
Signet. It’s built with open-hardware and free and
open source software. In addition to being
an encrypted flash drive, it is also a two-factor authentication (2FA) device and a
hardware password and personal information manager, making it a portable
solution to a variety of data security problems. Signet HC’s encrypted data
is password protected and can be unlocked through its cross-platform client
application (available on Windows, MacOS, GNU/Linux, and Android). For convenience,
the client software is stored on the device in a read-only partition allowing
you to use it without downloading software.

Physical Security for Malware Resistance

Signet is physically secured in the sense that a user must take physical action (press a button on the device) to
allow sensitive commands to be executed. Physical security blocks any malicious
software from executing commands on the device. Signet HC’s physical security
features make it resistant to malware in a variety of environments. Signet
implements physical security by requiring the user to press its button to permit
the execution of any sensitive command; the button flashes blue when any
sensitive command is sent to the device.

Two-factor Authentication (2FA)

Two-factor authentication
requires the presence of a secure device in order to
log in to a website or complete an important transaction. Two-factor
authentication compensates for weak or compromised passwords. Signet HC
implements the FIDO U2F and FIDO2 two-factor authentication protocols used by a
variety of popular websites. Once you have paired Signet HC with a compatible
website, you can complete your log in or transaction by pressing the device button
when its light flashes. For added security, Signet HC can be configured to disable two-factor
authentication features until the device is unlocked.

Advanced Mass Storage Security Features

Signet HC can contain several types of storage volumes in its embedded 32 GB flash
memory, each suited to different purposes:

Read-only volumes: Once populated, these volumes are read-only when the device
is locked but write access can be enabled after the device has been unlocked. When
we ship Signet HC we will include a read-only volume with the client software
stored on it.

Encrypted volumes: An encrypted volume is stored in an encrypted
format (AES-128 or AES-256 with cypher block chaining) on the eMMC
that is not visible to your operating system until the device is
unlocked.

One-time-use volumes: Flash drives are often used to transfer files from
one computer to another. This often results in the drives accumulating an
assortment of files from past transfers and risks exposing sensitive data
if the drive is later shared. Signet HC’s one-time-use volumes are
automatically securely erased after being used for a computer-to-computer data
transfer – removing clutter on the drive and protecting your data’s
confidentiality.

Physically-secured volumes: A physically secured volume is visible to the
client but not the operating system. You can request that specific files or
folders be made available to your computer’s operating system. Each request
requires confirmation by pressing your Signet’s button.

Unencrypted volumes: Although our focus is on security, we think it is
important to allow use of the device as an ordinary flash drive when
data security and confidentiality are not critical.

Password and Personal Information Management

Signet HC implements the password management features we developed in the
original Signet device: it
stores a password database in an encrypted format inside its microcontroller’s
internal flash memory. Once the device is unlocked you may view the data
directly in the client and copy to the clipboard.

The client supports browser plugins for Firefox and Chrome that can fill in data
such as login and password information on text forms. The client can also
forward the data to the device’s USB keyboard interface to type data directly
into another application. For website logins, the keyboard device will enter
<tab> and <enter> keystrokes to log in to the website with a single request.

Flexible data storage format

Signet HC is not limited to storing information about account passwords.
Instead, it has a flexible database structure that allows you to create
new data types and to add fields to individual entries for notes and
associated data. This allows you to safely store any data you data you
wish to keep off the cloud.

Backups

Keeping your Signet HC with you comes with the risk of losing the device. You
can configure Signet to regularly back up your data when connected to your
primary computer, to either your computer’s hard disk or a designated removable
media device such as a USB stick or memory card. The Signet client can then
read the backups when you provide the master password, giving you immediate
access to your data and the option to upload the data to a replacement device.
Since backing up the storage volumes can be time consuming their backup options
can be done with a different policy or backup frequency.

Encryption Key Storage and Processing

Signet HC will support the storage and generation of asymmetric cryptographic
keys. In addition to storing such keys, Signet HC can perform
actions with them such as file encryption, file signing, and SSH authentication.
With Signet HC, you can securely use your private cryptographic keys in any
environment.

Our aim is to support most of the common functions of the GNU Privacy Guard
(GPG) software suite. There is such a wide variety of cryptographic algorithms
in use that there are likely to be some algorithms we wont support
immediately. However, it should be easy to add new cryptographic algorithms over time.
We will listen to our users to determine which features are most important.

Multi-profile Support

Signet HC supports the creation of multiple profiles, each with its own unlock
password. Each profile can be configured to display only some database entries
or storage volumes stored on the device. This allows you to create different
profiles with different settings to prevent sensitive information being seen by
eavesdroppers. A common use case would be keep your personal accounts (such as
dating sites, online shopping, etc.) invisible when you’re at work. The
multi-profile feature provides “plausible deniability” since it is
not possible to know about the existence of the different profiles without
knowing their unlock passwords. Signet HC makes it easy to maintain multiple
profiles by allowing you to assign tags to data. When you create a profile you
can specify a set of tags that will be visible in that profile.

Our Open Source Commitment

As with the original Signet, we will release source code and CAD files for Signet HC before
we deliver the devices. We will release the software under the GPLv3 license and
the hardware specifications under the CERN Open Hardware License v1.2. We
believe sharing our files under free software licenses is essential to
developing a credible, secure system – closed systems can harbor defects or even
backdoors that are harder to find and fix compared to open systems. We invite
outside observers to study our systems to look for any security flaws.

Extensible Design

Our devices will not be locked down by default, allowing you to
upload your own firmware. Users are free to study the design, make changes to
the hardware or firmware as they see fit, or even develop entirely new
applications for the hardware.

You’ll be able to choose to lock down the firmware to add a level of tamper
resistance to the device. Even locking down the firmware is reversible as long
as the device data is wiped first. This increases the difficulty of attacking a
stolen device while still protecting a user’s right to use the device for
another purpose after locking it down.

In order to make the hardware itself expandable, we have exposed several electrical signals on the
board:

BOOT0 pin: By pulling this signal high you can enter the
microcontroller’s bootloader to flash the firmware. The standard firmware
has its own upgrade mechanism, but you might need this signal if you decide to
use a completely different firmware image.

Three GPIO pins: They can all be used for general purpose signaling and two
of them can be configured as a UART port.

Single wire debug (SWD) lines: You can use these signals to debug the
hardware in real time. For security, this feature is automatically disabled if
you lock down the firmware.

Comparisons

Signet HC offers a number of new hardware and software features compared to
Signet. Signet contained only a 256 KB microcontroller flash memory whereas
Signet has a 32 GB eMMC memory in addition to a 512 KB microcontroller flash
memory. It is also runs substantially faster at 216 Mhz with a cryptographic
accelerator. The original Signet ran at only 48 Mhz with no cryptographic
accelleration. Signet’s capabilities were well suited for managing and
encrypting its personal information database. Signet HC’s more advanced
capabilities allow it keep Signet’s database capabilites, handle mass storage
encryption and perform many other new fuctions.

Signet HC

Iron Key D250

Kingston Vault privacy

Nitrokey Storage 2

Length

52 mm

75 mm

78 mm

70 mm

FIDO U2F support

Yes

No

No

No

One-time password (OTP) support

Yes

No

No

Yes

Password management features

Yes

No

No

Limited

Private key storage/algorithms

Yes

No

No

Yes

Physical Security Features

Yes

No

No

No

Encrypted read/write speed (averaged)

15 MB/s

19 MB/s

66 MB/s

5.5 MB/s

Mass storage capacity

32 GB

16 GB

32 GB

32 GB

Price

$80

$268

$100

$182

There’s a wide range of prices for encrypted storage devices, but we think most are
priced much higher than they should be. Unfortunately, we cannot exceed the
transfer speeds of the proprietary USB storage drives we have looked at.
Notably these products generally don’t offer significant features beyond drive
encryption. Another factor is that we have prioritized keeping Signet HC
compact. All devices offering encrypted mass storage capabilities we’ve looked
at are 70mm or longer. We limited our device length to 52mm which is the length
of the average house key.

Manufacturing Plan

The PCBA will be manufactured and assembled by PCAWay. We will have 100
circuit boards made during the campaign and will increase the order quantity as needed for fulfillment.

If we receive more than 1,000 orders we will have the buttons injection molded
to speed up production. Otherwise, we will have the buttons 3D printed in
resin. Each 3D printed button will require some manual work such as support
removal, sanding, and defect identification.

The enclosure will be injection molded. The mold has already been produced;
we have tested samples from the mold and they fit the PCBA design well. We
will order 500 parts initially during the campaign. If we have more than 500
orders we will make additional enclosures as needed.

Assembly consists of inserting the button and PCBA into the enclosure halves
and snapping the enclosure halves together. After assembly, each unit will go
through a basic functional test and have its eMMC memory tested for bad blocks.
Devices that pass the functional test and two rounds of bad block checking will
be deemed suitable for shipping.

Fulfillment & Logistics

We will ship assembled Signet HC units to Crowd Supply for
distribution to backers. For more information, see Crowd Supply’s ordering and
shipping
page.

Risks and Challenges

We have reduced many campaign risks by building production-quality
prototypes and putting them through stress tests as well as everyday
use cases. The main remaining risks we see are:

Problems with PCBA Manufacturing

We will have our volume PCBA orders
manufactured by PCBWay, which is a different company than the one we used to
build our prototypes. They are a reputable company but there is always a
risk that miscommunication or differences in their manufacturing processes
will reveal new problems. By limiting the size of our initial production
order, we will be giving ourselves a chance to correct any initial issues
before they become too costly.

Problems with Component Availability

Both our microcontroller and eMMC
memory chip of choice are not well stocked by distributors. We have procured
250 eMMC chips in advance to make sure there are no delays in our initial
order of 100 PCBAs. It’s possible that at higher volumes fulfillment could be
delayed while we locate new suppliers or wait for distributors to refresh
their stock.

Software Deliverables

We are promising many software features, some of
which are not present in the original Signet and have not been prototyped yet for
Signet HC. In many cases, there are open source projects and libraries that
we can incorporate or refer to, so these features can be added rapidly.
That said, there is still a risk that fulfillment gets delayed by
software development alone. In this case, we may decide to ship the
hardware with some software features missing and then provide the missing
features in an update.